Technical requirements
Before you begin, you will need the following:
- Access to the AWS Management Console (https://aws.amazon.com/console/). This requires Amazon login credentials. The AWS Elastic Compute Cloud (EC2) instances that will host the Splunk deployment server, indexer, and search head are c5.large (Splunk-recommended) instances. They will incur a cost of about $0.085/hr at the time of writing this book. Be careful to turn off the servers once you are finished with the case study to avoid additional costs.
- You will need an SSH client to access the Linux-based AWS instances (deploymentserver, searchhead, and indexer). We use the Terminal application on a MacBook in this chapter. You can use an SSH client such as PuTTY (https://www.putty.org) if you are using a Microsoft Windows device.
- You will access AWS EC2 instances using key pairs. You will generate a key pair when you launch an instance. You can use one key pair across your different EC2 instances. You will need to remember where you store the private key to access an EC2 instance via SSH. Refer to https://tinyurl.com/yt4nwysf for more information on generating key pairs.
- You will need a Remote Desktop Protocol (RDP) application such as Microsoft Remote Desktop (https://bit.ly/3PK24tQ) to access the we8105desk, de9041srv, and we1149srv instances.
- You will need to keep track of your passwords for the different devices. A tool such as KeePass (https://keepass.info/) may come in handy. Best practices recommend that we create new users and disable the default admin username and password. For simplicity and consistency, the instructions in this book use the default credentials for accessing the AWS EC2 instances via SSH, RDP, and Splunk Web.
- To keep the installation instructions in this chapter as simple as possible, more advanced security hardening steps are not implemented. Be sure to read up on hardening your servers on the Splunk website (https://splk.it/3zc2HFd).
username and passwords. For simplicity and consistency, the instructions in this book use the default credentials for accessing the AWS EC2 instances via SSH, RDP, and Splunk Web. - To keep the installation instructions in this chapter as simple as possible, more advanced security hardening steps are not implemented. Be sure to read up on hardening your servers on the Splunk website (https://splk.it/3zc2HFd).